Title: Risk assessment and attack graph generation for collaborative infrastructures: a survey

Authors: Kirsty E. Lever; Kashif Kifayat

Addresses: PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection, School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, L3 3AF, UK ' PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection, School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, L3 3AF, UK

Abstract: Collaborative infrastructures allow physical, cyber and human elements to be combined and can integrate legacy systems with new technology. As organisations globally continue to take advantage of the benefits collaboration affords, it is vital that the methods for defending these systems do not fail due to societal dependence upon the assets of these critical infrastructures. Risk assessment methods and attack graphs provide platforms that facilitate modelling, detection and analysis of these collaborative networks. They endeavour to provide functionality to identify potential vulnerabilities within these large infrastructures, which potentially could leave systems exposed. Current methods are inadequate despite increased research and development. Existing schemas failings include accurate identification of relationships and interdependencies between risks and reduction of attack graph size and generation complexity. In this paper, we present a critical analysis of methods and tools which were developed to assist with risk assessment and attack graph generation within large networked environments.

Keywords: collaborative infrastructures; systems-of-systems; SoS; risk assessment; attack graphs; critical infrastructures; modelling; detection; infrastructure vulnerabilities; attack graph generation; large networks; collaboration.

DOI: 10.1504/IJCCBS.2016.079081

International Journal of Critical Computer-Based Systems, 2016 Vol.6 No.3, pp.204 - 228

Available online: 11 Sep 2016 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article